search.c: searchit(): Remove strlen() check

While in the `while` loop at line 603 of function searchit(), memory address ptr+matchpos is always valid. The strlen() check should not be necessary to verify this. Also added a check to prevent reading a line after the end of the buffer.
2024-12-20 19:25:11 -07:00 · 2016-01-26 18:24:28 +01:00 · 2016-01-26 18:24:28 +01:00 · 18ca2035fe
commit 18ca2035fe
parent 9b0b3a0883
1 changed files with 23 additions and 27 deletions
--- a/src/nvim/search.c
+++ b/src/nvim/search.c
@ -621,43 +621,39 @@ int searchit(
                  break;
                }
                matchcol = endpos.col;
-                /* for empty match: advance one char */
-                if (matchcol == matchpos.col
-                    && ptr[matchcol] != NUL) {
-                  if (has_mbyte)
-                    matchcol +=
-                      (*mb_ptr2len)(ptr + matchcol);
-                  else
-                    ++matchcol;
-                }
+                // for empty match (matchcol == matchpos.col): advance one char
              } else {
+                // Prepare to start after first matched character.
                matchcol = matchpos.col;
-                if (ptr[matchcol] != NUL) {
-                  if (has_mbyte)
-                    matchcol += (*mb_ptr2len)(ptr
-                                              + matchcol);
-                  else
-                    ++matchcol;
              }
+
+              if (matchcol == matchpos.col && ptr[matchcol] != NUL) {
+                matchcol += MB_PTR2LEN(ptr + matchcol);
              }
-              if (matchcol == 0 && (options & SEARCH_START))
+
+              if (matchcol == 0 && (options & SEARCH_START)) {
                break;
-              if (STRLEN(ptr) <= (size_t)matchcol || ptr[matchcol] == NUL
-                  || (nmatched = vim_regexec_multi(&regmatch,
-                          win, buf, lnum + matchpos.lnum,
-                          matchcol,
-                          tm
-                          )) == 0) {
-                match_ok = FALSE;
+              }
+
+              if (ptr[matchcol] == NUL ||
+                  (nmatched = vim_regexec_multi(&regmatch, win, buf, lnum,
+                                                matchcol, tm)) == 0) {
+                match_ok = false;
                break;
              }
              matchpos = regmatch.startpos[0];
              endpos = regmatch.endpos[0];
              submatch = first_submatch(&regmatch);

-              /* Need to get the line pointer again, a
-               * multi-line search may have made it invalid. */
-              ptr = ml_get_buf(buf, lnum + matchpos.lnum, FALSE);
+              // This while-loop only works with matchpos.lnum == 0.
+              // For bigger values the next line pointer ptr might not be a
+              // buffer line.
+              if (matchpos.lnum != 0) {
+                break;
+              }
+              // Need to get the line pointer again, a multi-line search may
+              // have made it invalid.
+              ptr = ml_get_buf(buf, lnum, false);
            }
            if (!match_ok)
              continue;